How-to: High Security Mode
Enterprise Feedback Suite permits optional operation of its admin area in High Security Mode. In this operation mode, in addition to EFS standard security features, supplementary protective measures that meet advanced requirements for web application security are activated. These include:

  • stricter security criteria for the account names and passwords of staff members using the admin area, EFS Survey Status, EFS Translator Interface or the Org Processor.

  • tightened brute force mechanism

  • HTML Escaping

  • limiting the session to a single IP or an IP address range

  • reducing the session time

  • preventing URL manipulations (referer checking)

  • deactivation of caching in sensitive areas

  • enforcing HTTP-only cookies

Please mind that the particularly high security level in High Security Mode imposes certain restrictions on usability (e.g. no access to the print version of the questionnaire, additional pop-up warnings in export and download processes). Therefore, the aforementioned features are not included in the standard version of EFS. Even without High Security Mode, EFS fulfills standard security requirements, thus ensuring a proper protection of your data.

High Security Mode will be activated by our support team.

Stricter Security Criteria For Passwords

Operation in High Security Mode will activate additional security criteria for the passwords of staff members:

  • Account names are checked for correct use of upper and lower case.

  • No character may be used twice.

  • Passwords must be at least eight characters long.

These criteria not only apply for the admin area but also for special logins such as EFS Survey Status, EFS Translator Interface and Org Processor.
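An added example (not EFS code) that implements the High Security Mode password rules listed above as a checker a practitioner could run against candidate passwords; the account-name rule is modelled as a case-sensitive comparison against the stored name, which is an assumption about how EFS applies it.

```python
# Added example, not EFS code: checker for the High Security Mode rules
# "at least eight characters" and "no character may be used twice".
from collections import Counter

MIN_LENGTH = 8


def password_policy_violations(password: str) -> list[str]:
    """Return the High Security Mode rules that the password violates (empty list = OK)."""
    violations = []
    if len(password) < MIN_LENGTH:
        violations.append("must be at least eight characters long")
    # Every character may appear only once; report the offenders so the user can fix them.
    repeated = sorted(c for c, n in Counter(password).items() if n > 1)
    if repeated:
        violations.append("characters used more than once: " + ", ".join(repeated))
    return violations


def account_name_matches(entered: str, stored: str) -> bool:
    """Case-sensitive account-name check (assumed reading of the upper/lower case rule)."""
    return entered == stored


if __name__ == "__main__":
    for candidate in ("aB3$xYz9", "passw0rd", "abc"):
        print(candidate, "->", password_policy_violations(candidate) or "accepted")
```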

Additional password requests before user actions

When working with accounts in the EFS Users admin or People module, additional password validation requests will be shown to the logged in user, when:

  • Creating new EFS admin users

  • Editing existing EFS admin users

  • Creating new panelists in the People module

  • Changing passwords of panelists in the People module

Tightened Brute Force Mechanism

In High Security Mode, additional features will also be activated for brute force protection:

  • Staff members who enter their old password incorrectly six times when changing their password will be logged out automatically and their accounts suspended for the usual waiting period for brute force attacks (by default: 30 minutes).

  • If an account is temporarily suspended by the brute force mechanism the Login Interface will no longer indicate the reason for suspension. This means that the person trying to log in is no longer able to differentiate whether the login data are incorrect or whether it is a temporary suspension. This approach prevents anyone from finding out existing account names by randomly typing in names.
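An added example (not EFS code) modelling the two behaviours above: six wrong password entries suspend the account for 30 minutes, and the response is the same generic failure whether the password is wrong, the account is suspended, or the account does not exist, so the login interface never confirms which account names exist. Plaintext passwords stand in for stored hashes, and the counter is reset by a successful login; both are assumptions.

```python
# Added example, not EFS code: brute force lockout with a non-disclosing response.
from dataclasses import dataclass

MAX_FAILURES = 6                  # wrong entries before suspension
SUSPENSION_SECONDS = 30 * 60      # default waiting period named on the page
GENERIC_FAILURE = "Login failed."  # identical for wrong password, suspension, unknown account


@dataclass
class AccountState:
    password: str                 # plaintext stand-in for a stored password hash
    failures: int = 0
    suspended_until: float = 0.0  # epoch seconds; 0 means not suspended


class LoginGate:
    def __init__(self, accounts: dict[str, AccountState]):
        self.accounts = accounts

    def attempt(self, name: str, password: str, now: float) -> tuple[bool, str]:
        acct = self.accounts.get(name)
        if acct is None:
            return False, GENERIC_FAILURE          # unknown name: same message as all other failures
        if now < acct.suspended_until:
            return False, GENERIC_FAILURE          # suspended: reason deliberately not disclosed
        if password != acct.password:
            acct.failures += 1
            if acct.failures >= MAX_FAILURES:
                acct.suspended_until = now + SUSPENSION_SECONDS
                acct.failures = 0
            return False, GENERIC_FAILURE
        acct.failures = 0                          # successful login clears the counter
        return True, "ok"


def run_scenario() -> list[bool]:
    """Six wrong entries, then a correct one inside and one after the waiting period."""
    gate = LoginGate({"alice": AccountState(password="correct-secret")})
    t0 = 1_000_000.0
    results = [gate.attempt("alice", "wrong", t0 + i)[0] for i in range(MAX_FAILURES)]
    results.append(gate.attempt("alice", "correct-secret", t0 + 60)[0])        # still suspended
    results.append(gate.attempt("alice", "correct-secret", t0 + 31 * 60)[0])   # suspension over
    return results


if __name__ == "__main__":
    print(run_scenario())
```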

HTML Escaping

When High Security Mode is activated, HTML code will no longer be interpreted within the admin area. This means that when you insert an image in an answer text in the questionnaire editor using `<img src="xxx">`, this image will appear in the questionnaire as usual. In the online statistics, however, only the HTML code is displayed and the image is not shown.

Reducing the Session Time

The session time for staff members in the admin area is reduced to 15 minutes.

Limiting the Session to One IP or an IP Address Range

In High Security Mode, the session is tied to the IP address or IP address range from which the respective EFS user logs in. If the IP address or IP range changes while working in the admin area, the account holder will be logged out.

Please note: If an EFS user connects to EFS via a proxy server and the proxy server changes the IP, the account holder will be logged out as well. While company networks often use proxies, these usually work with static IPs.
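An added example (not EFS code) of an admin-area session check that combines the two preceding sections: the session is bound to the address or range seen at login and expires after 15 minutes of inactivity. Binding the range as a CIDR prefix is an assumption about how "IP address range" is configured.

```python
# Added example, not EFS code: session bound to an IP address or CIDR range,
# with the 15-minute admin-area timeout.
import ipaddress

SESSION_TIMEOUT_SECONDS = 15 * 60


class AdminSession:
    def __init__(self, user: str, client_ip: str, now: float, bind_prefix: int = 32):
        # bind_prefix=32 pins an IPv4 session to one address; 24 allows the whole /24 range.
        self.user = user
        self.network = ipaddress.ip_network(f"{client_ip}/{bind_prefix}", strict=False)
        self.last_activity = now
        self.active = True

    def check(self, client_ip: str, now: float) -> str:
        """Validate a request; returns "ok" or the reason the session is no longer usable."""
        if not self.active:
            return "logged_out"
        if now - self.last_activity > SESSION_TIMEOUT_SECONDS:
            self.active = False
            return "expired"
        if ipaddress.ip_address(client_ip) not in self.network:
            self.active = False            # address left the bound range: log out, as the page says
            return "ip_changed"
        self.last_activity = now           # activity keeps the session alive
        return "ok"


if __name__ == "__main__":
    s = AdminSession("alice", "203.0.113.10", 0.0, bind_prefix=24)   # constructed sample addresses
    print(s.check("203.0.113.77", 100.0), s.check("198.51.100.5", 200.0), s.check("203.0.113.10", 300.0))
```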

Preventing URL Manipulations (Referer Checking)

In High Security Mode, the system checks whether a person accessing a URL in the admin area is actually doing so from within the admin area, e.g. by clicking on a menu item. This is to prevent the URL of a page or function within the admin area from being manipulated or passed on outside EFS. If a URL is entered or changed manually, the browser does not transmit a referer. Please note:

  • There are various anonymity and security tools that allow the referer to be removed from browser requests. If you or one of your staff members has installed such a tool you cannot work with EFS in active High Security Mode.

  • From EFS 7.0, the referer check is no longer executed for staff members using Microsoft Internet Explorer. Recent versions of Internet Explorer often do not send an HTTP referer, e.g. if the request is sent from a JavaScript function. With the referer check activated, large parts of the admin area would be unusable.
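An added example (not EFS code) of the referer check described above, including both notes: a missing referer is rejected, which is why referer-stripping tools make the admin area unusable, and Internet Explorer is exempted. The host and admin path are placeholders, not EFS's actual URLs.

```python
# Added example, not EFS code: referer check for requests to the admin area.
from urllib.parse import urlsplit

ADMIN_ORIGIN = "https://efs.example.invalid"   # placeholder for the EFS installation's origin
ADMIN_PATH_PREFIX = "/admin/"                   # assumed admin-area path prefix


def is_internet_explorer(user_agent: str) -> bool:
    # IE identifies itself with "MSIE" (up to IE 10) or "Trident/" (IE 11).
    return "MSIE" in user_agent or "Trident/" in user_agent


def referer_check(headers: dict[str, str]) -> tuple[bool, str]:
    """Return (allowed, reason) for a request to the admin area."""
    if is_internet_explorer(headers.get("User-Agent", "")):
        return True, "referer check skipped for Internet Explorer"
    referer = headers.get("Referer")
    if not referer:
        # Manually entered URL or a referer-stripping tool: no way to tell the request came
        # from inside the admin area, so it is refused.
        return False, "no referer"
    parts = urlsplit(referer)
    origin = f"{parts.scheme}://{parts.netloc}"
    if origin != ADMIN_ORIGIN or not parts.path.startswith(ADMIN_PATH_PREFIX):
        return False, "referer outside the admin area"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample requests.
    print(referer_check({"Referer": ADMIN_ORIGIN + "/admin/menu", "User-Agent": "Mozilla/5.0 Firefox"}))
    print(referer_check({"User-Agent": "Mozilla/5.0 Firefox"}))
```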

Smarty Security Mode

In EFS Survey, Smarty's security mode is always activated (see http://www.smarty.net/docsv2/en/variable.security.tpl). On Panel installations originally set up with EFS 7.0 or earlier, Smarty's security mode is only activated in High Security Mode. For panel installations set up on EFS 7.1 or later, it is always activated.

Deactivation of Caching in Sensitive Areas

For sensitive functions, such as entering a password or the answer to a security question, appropriate technical measures have been taken to prevent the data from being kept in the browser cache.

Enforcing HTTP-only Cookies

From EFS 8.1, EFS always uses HTTP-only cookies in High Security Mode. HTTP-only cookies are cookies that can be used by the browser but not by programs running in the browser; JavaScript access to the cookies, for example, is not possible.

Please note: For the panel website, you can decide yourself if HTTP-only cookies should be used. In the menu Website → Global configuration in the field “Cookie type to be used when the panel website is visited”, you can check the current settings and change them to “HTTP-only cookies” if necessary.

© 2024 Tivian XI GmbH